NotCompatible Android malware a 'risk that should not be ignored' says Lookout

The latest evolution has 'set new bar for mobile sophistication and operational complexity' say experts

The NotCompatible Android malware has evolved into a significant threat, mobile security firm Lookout has warned.

Lookout says that over the past two years the malware has mutated from the "relatively simplistic" architecture of NotCompatible.A into NotCompatible.C, which "has set a new bar for mobile malware sophistication and operational complexity".

It is, says Lookout, "an earthworm with its tail cut off that regenerates and thrives", and sports a command infrastructure that "perseveres and self-protects through redundancy and encryption, making it elusive and enduring".

The virus is currently only used as a proxy to "run spam campaigns or scalp concert tickets" but Lookout believes its use "could expand to assist in attacks on corporate networks".

NotCompatible.C is more like the type of malware used "by PC-based cybercriminals", said Lookout.

Lookout said it is currently unknown exactly how many devices have been infected with NotCompatible, though the number is likely in the hundreds of thousands, effectively forming a botnet for hire.

"Our investigation shows the possibility that a threat like this could expand to assist in attacks on corporate networks, a risk that should not be ignored," wrote Lookout's Tim Strazzere in a blog post.

Lookout admitted that NotCompatible.C has so far not been used to attack protected networks, but warned that the potential for such an attack should not be ignored.

"How could this threat make its way into an organization?" asked Lookout.

"As soon as a device carrying NotCompatible.C is brought into an organization on a mobile device, it could provide the operators of this botnet with access to the organization's network. Using the NotCompatible proxy, an attacker could potentially do anything from enumerating vulnerable hosts inside the network, to exploiting vulnerabilities and search for exposed data."

And with "business demand" for the virus as a rented botnet likely to be high, concerns are now growing that NotCompatible could futher evolve into something even more dangerous.